SLAC AntiCheat Software Hacking

Windows 2000 fixes and solutions for apps

SLAC AntiCheat Software Hacking

Posted by soma » Sat Nov 13, 2010 8:23 pm

Hello there,
I'm coming here because I'm trying to get a software working under Windows 2000.
It's called "SLAC anticheat"; it's supposed to prevent cheat abuses for a game called Enemy Territory.

I've already succeeded in patching TeamSpeak 3 and Mumble 1.2.2 (http://sourceforge.net/projects/mumble/forums/forum/492606/topic/3501105) to get them working under Windows 2000. Thanks to the wrapper pack builders for this!

So here I am, I basically tried to get the software working in the same way I did for Mumble and TS3. But unfortunately it didn't work.


I got 2 different versions of the software:

-The first one is an old one, the error message I get is a missing function in Kernell.dll : ConvertFiberToThread

-The second one is the last version. The story is I asked the programmer to update his software to make it compatible with win2k. Obviously he failed because now the message I get is: "not a valid win32 application"


So here is my dilemma: I would like to get this slac.exe working, but I can't make so many tests because I'm not really aware of what I do, and I don't want to fuck up ts3 and mumble 1.2.2 working patches.

I would be really grateful if someone here could help me, I absolutely don't want to switch to XP for several reasons. No need to explain them here I guess. :o)

Thanks in advance...

One more thing if it could help: the guy is alone to code this software. And he can be found on IRC at:
server: irc.quakenet.org
channel: #speedlink.anticheat
nickname: khaplja

You can also talk to me there (/q soma`)


Sorry about this very long post but I don't want to forget anything that could help to solve this problem.
soma.

Re: SLAC AntiCheat Software Hacking

Posted by OldBoy2k » Sat Nov 13, 2010 8:59 pm

Hi soma,

welcome to Win2kgaming forum and thank you for the feedback. The "not a valid 32bit application" error can be easily avoided by editing the MinorSubsystem header with PE Tools. When you've done that please profile the libraries and executable of this anticheat program and upload the DWI(s) so I can take a look at them.

1) PE Tool program and guide can be found in the Tools & Info forum
2) to profile the libraries and executable with Dependency Walker see my signature (please follow part.1 and part.2)

BR
OldBoy2k
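
Added example (not part of the original posts, and not code from PE Tools or the wrapper projects): the "not a valid Win32 application" check discussed above compares the subsystem version stored in the PE optional header with the OS version, which is 5.0 on Windows 2000. The sketch reads and rewrites that field on a constructed header; all function names are made up for illustration, and passing this check does nothing about imports the OS does not export.

```python
import struct

WIN2000 = (5, 0)  # NT version of Windows 2000; Windows XP is (5, 1)

def subsystem_version(image: bytes):
    """Return (offset_of_MajorSubsystemVersion, major, minor) for a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20            # skip signature and 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # Major/MinorSubsystemVersion sit at +48/+50 in both PE32 and PE32+.
    major, minor = struct.unpack_from("<HH", image, opt + 48)
    return opt + 48, major, minor

def loads_on(image: bytes, os_version=WIN2000) -> bool:
    """True if the image's subsystem version does not exceed os_version."""
    _, major, minor = subsystem_version(image)
    return (major, minor) <= os_version

def with_subsystem_version(image: bytes, version=WIN2000) -> bytes:
    """Return a copy with the subsystem version rewritten; input is untouched."""
    off, _, _ = subsystem_version(image)
    patched = bytearray(image)
    struct.pack_into("<HH", patched, off, *version)
    return bytes(patched)

def constructed_header(major: int, minor: int) -> bytes:
    """Constructed sample: just enough of a PE32 header for the parser above."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<HH", opt, 48, major, minor)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    sample = constructed_header(5, 1)                # built for XP or later
    print(subsystem_version(sample), loads_on(sample))
    fixed = with_subsystem_version(sample)
    print(subsystem_version(fixed), loads_on(fixed))
```
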

Re: SLAC AntiCheat Software Hacking

Posted by soma » Sat Nov 13, 2010 9:17 pm

OldBoy2k wrote:Hi soma,

welcome to Win2kgaming forum and thank you for the feedback. The "not a valid 32bit application" error can be easily avoided by editing the MinorSubsystem header with PE Tools. When you've done that please profile the libraries and executable of this anticheat program and upload the DWI(s) so I can take a look at them.

1) PE Tool program and guide can be found in the Tools & Info forum
2) to profile the libraries and executable with Dependency Walker see my signature (please follow part.1 and part.2)

BR
OldBoy2k



First of all, thanks for your answer:

Here are the DWIs logs:
http://lemonindigo.free.fr/ET/slac/SLAC_profile.dwi
http://lemonindigo.free.fr/ET/slac/SLAC.dwi


I'm going to check PE Tools now, even though I finally succeeded in bypassing the "not a valid win32 appli" message with exe force converter, by using the executable rewrite option for win2k sp4.



[EDIT]
http://lemonindigo.free.fr/ET/slac/SLAC_basicEXE.dwi
Here is the basic file from their website without the MSI/EXE Convertor patching. With this one it blocks the loading before the start with the message "not a valid win32 appli"
[/EDIT]

Re: SLAC AntiCheat Software Hacking

Posted by soma » Sat Nov 13, 2010 9:33 pm

Ok, I made the PE Tools modifications, and now as expected the software loads, and the message is: "EncodePointer could not be found in Kernel32.dll"

Here is the DWI final log report:

http://lemonindigo.free.fr/ET/slac/SLAC_afterPE-ToolsEdit.dwi

soma.

Re: SLAC AntiCheat Software Hacking

Posted by OldBoy2k » Sat Nov 13, 2010 9:40 pm

Hi,

please also open the other libraries of the anticheat engine to verify no other missing export exists. The Kernel - DecodePointer/EncodePointer APIs can be fixed with OCW and KDW wrapper. I don't know what happens to the Kernell.dll - ConvertFiberToThread API from the old version but in case it's still required, you can fix this with the KDW Kernel.

We are working on the next OCW wrapper 2.0 update which will also support this API so stay tuned :D

BR
OldBoy2k

Re: SLAC AntiCheat Software Hacking

Posted by soma » Sat Nov 13, 2010 9:51 pm

OldBoy2k wrote:Hi,

please also open the other libraries of the anticheat engine to verify no other missing export exists. The Kernel - DecodePointer/EncodePointer APIs can be fixed with OCW and KDW wrapper. I don't know what happens to the Kernell.dll - ConvertFiberToThread API from the old version but in case it's still required, you can fix this with the KDW Kernel.

We are working on the next OCW wrapper 2.0 update which will also support this API so stay tuned :D

BR
OldBoy2k



The thing is he removed this ConvertFiberToThread API because it caused too many problems, now the last version works without - as far as I know -

This encode/decode pointer has been successfully patched with OCW wrapper pack but some of the functions process are still missing as I understand.

For example this one:
GetProcAddress(0x7B000000 [KERNEL32.DLL], "IsTNT") called from "OLEAUT32.DLL" at address 0x77A148A2 and returned NULL by thread 3. Error: could not find specified process(127).


Here is the interesting log:
http://lemonindigo.free.fr/ET/slac/SLAC_profile.dwi


When you ask me to open other libraries you mean these 2 DLLs given with the exe I guess
libcurl.dll and zlib1.dll.

thanks again for your help by the way ! :>

Re: SLAC AntiCheat Software Hacking

Posted by soma » Sat Nov 13, 2010 10:42 pm

After trying to patch the exe once again, I checked it with Dependency Walker and here are the missing functions


Missing functions:

FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
IsTNT


I will dig in more tomorrow...
thank you in advance for any help...

soma.

Re: SLAC AntiCheat Software Hacking

Posted by OldBoy2k » Sun Nov 14, 2010 2:34 am

None of the APIs you listed is of importance. Check my list of non-essential APIs:

Win2kgaming: Quick Fix Guide

BR
OldBoy2k

Re: SLAC AntiCheat Software Hacking

Posted by soma » Sun Nov 14, 2010 3:19 pm

OldBoy2k wrote: None of the APIs you listed is of importance. Check my list of non-essential APIs:

Win2kgaming: Quick Fix Guide

BR
OldBoy2k



Hmm, first of all, thank you for your precious help.

As I wrote yesterday on my post, I'm now able to get the software launching. But it stops on an error message.
By browsing DWI log I can see all these non-essential APIs but I can also see one located in MPR.DLL named WNetRestoreConnectionA.
I'm not really sure if it's the reason the software doesn't want to completely start. But to be honest, and after some time reading different tutorials, I'm still totally lost about all of this. :<
I tried to bind this API to my exe through different ways without success. Now I'm kind of stuck... :/

Here is the last DWI report log:
http://lemonindigo.free.fr/ET/slac/SLAC_final.dwi

soma.

Re: SLAC AntiCheat Software Hacking

Posted by OldBoy2k » Sun Nov 14, 2010 3:34 pm

^^ what a mess XD

1) delete apphelp.dll in c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\APPHELP.DLL
2) delete all these:
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\ADVAPI32.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\ADVAPI32_ORG.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\KERNEL2K.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\KERNEL32.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\KERNEL32_ORG.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\KERNELXP.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\SHELL32.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\SHELL32_ORG.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\USER32.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\USER32_ORG.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\WS2_32.DLL
c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\slac\slac_patched2\WS2_32_ORG.DLL


Make sure you copy the following wrapper kernel:
a) Kernel32.dll (OCW Wrapper pack v1.9) -> don't rename it just copy it to the c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\ folder
b) Kernel32.dll (System32 Kernel32.dll) -> copy TEMP and then rename to Kernel32_ORG.dll copy it to the c:\program files\wolfenstein - enemy territory\slac_test\slac(6)\ folder

then pls upload the profiled DWI again. Thank you

BR
OldBoy2k

Re: SLAC AntiCheat Software Hacking

Posted by soma » Sun Nov 14, 2010 7:21 pm

Indeed, a real mess. :s sorry about that ! I was really lost at the end.

So here is the last dwi (hope it's really proper now):
http://lemonindigo.free.fr/ET/slac/SLAC_proper.dwi

Here is the rar package with all the files:
http://lemonindigo.free.fr/ET/slac/SLAC_proper.rar

Here is the base I'm trying to get working:
http://lemonindigo.free.fr/ET/slac/slac_base.rar

Re: SLAC AntiCheat Software Hacking

Posted by OldBoy2k » Sat Nov 20, 2010 1:33 pm

Hi Soma,

sorry for the late response. It's a problem with the Header Minor Subsystem Version in client.slac and ET.slmod

C:\Documents and Settings\Administrator\Application Data\SLAnticheat\


BlackWingCat wrote about it:
SLAC.EXE itself is non-executable, fcwin rewrite the executable.
In addition, Kernel32 against non-compliant, so I use the function, KDW's easy to install and run the kernel32.

In fact,
%APPDATA%\SLAnticheat has been downloaded to the client.

Even with the Clinet.slac.exe Client.slac fcwin after rewriting executable in this folder if you run Easy Install kernel32, you can start.

By the way, after the Registration, Web site logged, please be careful because you can not log out errors like this do not read and accept the Terms of Service.


BlackWingCat: SLAC SPEEDLINK ANTICHEAT Windows 2000

So for Slac.exe Kernel32.dll - DecodePointer/EncodePointer can be fixed with OCW and KDW wrapper.

We work on a more handy solution for this problem.

BR
OldBoy2k

Re: SLAC AntiCheat Software Hacking

Posted by soma » Fri Nov 26, 2010 7:48 pm

Hello OldBoy2k, first of all, thank you for your answer.
I have now been able to launch the software like BlackWingCat did.
But I'm now experiencing a new kind of error: it crashes the game at launch.
(see the screen below)
Image

So, it appears now the game (ET.exe) crashes. The message reported by SLAC is "couldn't allocate memory in the game process (0x5)".
I tried to find a log in Event Viewer but there is nothing.
Once again, I'm stuck.

Here is the way I proceeded:
1> I renamed slac.client in %APPDATA%\SLAnticheat to slac.client.exe.
2> I launched BWC tool and I checked executable, OS vers: win2000 sp4
3> I copied kernel32.dll from ocw wrapper pack to %APPDATA%\SLAnticheat

When all of this is done, I choose the game path and try to get the game loaded by slac, and the error appears. The screenshot speaks for itself.

ps: the coder said he plans to recompile the software with another C editor. If there is no other solution I will try to solve this w2k issue with the new slac version.

Thank you for your future answers and for following that case. :o)

ps2: I noticed I didn't translate the error message in French, I guess you got it but here it is anyway: "ET.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created."

Re: SLAC AntiCheat Software Hacking

Posted by OldBoy2k » Fri Nov 26, 2010 8:55 pm

Hi,

you tried slac.client without renaming? Usually you don't need to rename anything since the wrapper is working regardless of the extension.

Could you please upload the profiled et.exe (following Part1. and 2.)?

Crashlog... so you should find a Dr. Watson crash dump which you can analyze with various tools (for example DebugDiag). What does it say?

BR
OldBoy2k

Re: SLAC AntiCheat Software Hacking

Posted by soma » Sat Nov 27, 2010 4:14 pm

Hello OldBoy2k,
this thing is driving me 'a bit' crazy !
I'm not sure I understood the way I should proceed, maybe it's due to the approximate Japanese/English translation :/ .
And:
you tried slac.client without renaming? Usually you don't need to rename anything since the wrapper is working regardless of the extension.

Could you explain to me step by step how I should be able to get the software working without renaming the slac.client to slac.client.exe please?
Once again I'm lost :x

Anyway,